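/**
 * Handles a login form submission.
 *
 * <p>Looks the user up by the posted {@code username}/{@code password}. On success the user
 * is bound to a freshly created session and the client is redirected to {@code home};
 * otherwise the login form is re-rendered with a generic error message.
 *
 * @param request  the login request carrying the {@code username} and {@code password} parameters
 * @param response the response used for the redirect or the forwarded view
 * @throws ServletException if forwarding to the login view fails
 * @throws IOException      if the redirect or forward fails
 */
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    String username = request.getParameter("username");
    String password = request.getParameter("password");
    User user = userService.find(username, password);
    if (user == null) {
        // Deliberately generic message: does not reveal whether the username exists.
        request.setAttribute("message", "Unknown username/password. Please retry.");
        request.getRequestDispatcher("/WEB-INF/login.jsp").forward(request, response);
        return;
    }
    // Session fixation mitigation: never bind an authenticated user to a session id that
    // already existed before authentication. Any pre-login session is dropped and a new one
    // created; on Servlet 3.1+ containers request.changeSessionId() would achieve the same
    // while keeping pre-login attributes.
    if (request.getSession(false) != null) {
        request.getSession(false).invalidate();
    }
    request.getSession(true).setAttribute("user", user);
    response.sendRedirect("home");
}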
/**
 * Returns the {@code FlashMap} list stored under {@code FLASH_MAPS_SESSION_ATTRIBUTE} in the
 * current HTTP session, or {@code null} when there is no session or no such attribute.
 * A session is never created by this lookup.
 */
@Override
@SuppressWarnings("unchecked")
@Nullable
protected List<FlashMap> retrieveFlashMaps(HttpServletRequest request) {
    HttpSession existing = request.getSession(false);
    if (existing == null) {
        return null;
    }
    return (List<FlashMap>) existing.getAttribute(FLASH_MAPS_SESSION_ATTRIBUTE);
}
/**
 * Stores {@code value} as session attribute {@code name}, creating a session when needed.
 * A {@code null} value instead removes the attribute, but only from an already existing
 * session; no session is created just to remove an attribute.
 * @param request current HTTP request, never {@code null}
 * @param name the attribute name
 * @param value the attribute value, or {@code null} to remove it
 */
public static void setSessionAttribute(HttpServletRequest request, String name, @Nullable Object value) {
    Assert.notNull(request, "Request must not be null");
    if (value == null) {
        HttpSession existing = request.getSession(false);
        if (existing != null) {
            existing.removeAttribute(name);
        }
        return;
    }
    request.getSession().setAttribute(name, value);
}
/**
 * Invalidates the request's authentication token when the security configuration has changed
 * since this session last saw it.
 *
 * <p>Requests without an authentication token pass straight through. Otherwise the session's
 * recorded {@code SECURITY_CONFIG_LAST_CHANGE} value is compared with {@code lastChangedTime}:
 * a missing value is recorded, an older value is updated and the token is invalidated.
 */
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
    if (!SessionUtils.hasAuthenticationToken(request)) {
        LOGGER.debug("Authentication token is not created for the request.");
        filterChain.doFilter(request, response);
        return;
    }
    final AuthenticationToken<?> authenticationToken = SessionUtils.getAuthenticationToken(request);
    Assert.notNull(authenticationToken);
    // Serialises concurrent requests of the same session by locking on the interned session id.
    // NOTE(review): getSession(false) is assumed non-null here because a token was found above;
    // confirm that SessionUtils.hasAuthenticationToken implies an existing session. Locking on an
    // interned String shares the monitor with any other code that interns the same value.
    synchronized (request.getSession(false).getId().intern()) {
        long localCopyOfLastChangedTime = lastChangedTime; // Read the volatile field once so both comparisons below see the same value.
        Long previousLastChangedTime = (Long) request.getSession().getAttribute(SECURITY_CONFIG_LAST_CHANGE);
        if (previousLastChangedTime == null) {
            // First request of this session: record the current configuration version.
            request.getSession().setAttribute(SECURITY_CONFIG_LAST_CHANGE, localCopyOfLastChangedTime);
        } else if (previousLastChangedTime < localCopyOfLastChangedTime) {
            // Configuration changed after this session last saw it: record the new version and drop the token.
            request.getSession().setAttribute(SECURITY_CONFIG_LAST_CHANGE, localCopyOfLastChangedTime);
            LOGGER.debug("Invalidating existing token {}", authenticationToken);
            authenticationToken.invalidate();
        }
    }
    filterChain.doFilter(request, response);
}
/**
 * Resolves the sandbox id for this request: a parseable {@code SANDBOX_ID_VAR} request
 * parameter wins and is remembered in the session; otherwise the value previously stored in
 * an existing session is used. Returns {@code null} when neither source provides one.
 */
private Long lookupSandboxId(HttpServletRequest request) {
    Long resolved = parseSandboxIdParameter(request.getParameter(SANDBOX_ID_VAR));
    if (resolved != null) {
        // A parameter-supplied id is remembered for later requests; this creates a session if needed.
        request.getSession().setAttribute(SANDBOX_ID_VAR, resolved);
        return resolved;
    }
    // No usable parameter: fall back to an existing session without creating one.
    HttpSession existing = request.getSession(false);
    if (existing == null) {
        return null;
    }
    resolved = (Long) existing.getAttribute(SANDBOX_ID_VAR);
    if (resolved != null && LOG.isTraceEnabled()) {
        LOG.trace("SandboxId found in session " + resolved);
    }
    return resolved;
}

/**
 * Parses the raw parameter value; returns {@code null} (after a warning) when it is absent or
 * not a valid long.
 */
private Long parseSandboxIdParameter(String raw) {
    if (raw == null) {
        return null;
    }
    try {
        Long parsed = Long.valueOf(raw);
        if (LOG.isTraceEnabled()) {
            LOG.trace("SandboxId found on request " + parsed);
        }
        return parsed;
    } catch (NumberFormatException nfe) {
        LOG.warn("blcSandboxId parameter could not be converted into a Long", nfe);
        return null;
    }
}
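/**
 * Appends {@code value} to the list stored under {@code key} in the HTTP session, creating the
 * session and the list when they do not exist yet.
 *
 * @param request the current request; a session is created if necessary
 * @param key     the session attribute holding the list
 * @param value   the value to append
 */
protected void addSessionValue(final HttpServletRequest request, final String key, final Object value) {
    // The cast is the only unchecked step; it assumes nothing else stores a non-List under this key.
    @SuppressWarnings("unchecked")
    List<Object> values = (List<Object>) request.getSession(true).getAttribute(key);
    if (values == null) {
        values = new ArrayList<Object>();
    }
    values.add(value);
    // Re-setting the attribute signals the change to session managers that only notice setAttribute calls.
    request.getSession(true).setAttribute(key, values);
}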
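/**
 * Verifies the CSRF token posted with the request against the one held in the session.
 *
 * <p>Both tokens must be non-blank and equal. The byte-wise comparison is constant-time so
 * that response timing does not reveal how long a matching prefix a submitted token had.
 *
 * @param request the request carrying the {@code TOKEN} parameter
 * @return {@code true} only when the posted and expected tokens are both present and equal
 */
public boolean verify(HttpServletRequest request) {
    String postedToken = request.getParameter(TOKEN);
    String expectedToken = (String) request.getSession().getAttribute(TOKEN);
    if (StringUtils.isBlank(postedToken) || StringUtils.isBlank(expectedToken)) {
        return false;
    }
    // Fully qualified so the import block need not change; MessageDigest.isEqual is constant-time.
    return java.security.MessageDigest.isEqual(
            postedToken.getBytes(java.nio.charset.StandardCharsets.UTF_8),
            expectedToken.getBytes(java.nio.charset.StandardCharsets.UTF_8));
}
}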
HttpSession session = request.getSession(); chain.doFilter(req, res); return; session.setAttribute(LOGIN_HINT, loginHint); } else { session.removeAttribute(LOGIN_HINT); chain.doFilter(req, res); } else { logger.info("Client requested no prompt"); response.sendRedirect(uriBuilder.toString()); return; if (session.getAttribute(PROMPTED) == null) { session.setAttribute(PROMPT_REQUESTED, Boolean.TRUE); chain.doFilter(req, res); } else { session.removeAttribute(PROMPTED); chain.doFilter(req, res); Date authTime = (Date) session.getAttribute(AuthenticationTimeStamper.AUTH_TIMESTAMP);
String usernameParam = request.getParameter(PARAM_NAME_USERNAME); String passwordParam = request.getParameter(PARAM_NAME_PASSWORD); if (username.equals(usernameParam) && password.equals(passwordParam)) { request.getSession().setAttribute(SESSION_USER_KEY, username); response.getWriter().print("success"); } else { || path.startsWith("/img"))) { if (contextPath.equals("") || contextPath.equals("/")) { response.sendRedirect("/druid/login.html"); } else { if ("".equals(path)) { response.sendRedirect("druid/login.html"); } else { response.sendRedirect("login.html");
String authRole = (String) request.getSession().getAttribute("authRole"); request.getSession().setAttribute("flashMsg", "Node created!"); dao.insertHistory((String) request.getSession().getAttribute("authName"), request.getRemoteAddr(), "Creating node: " + currentPath + newNode); request.getSession().setAttribute("flashMsg", "Property Saved!"); if (ZooKeeperUtil.INSTANCE.checkIfPwdField(newProperty)) { newValue = ZooKeeperUtil.INSTANCE.SOPA_PIPA; dao.insertHistory((String) request.getSession().getAttribute("authName"), request.getRemoteAddr(), "Saving Property: " + currentPath + "," + newProperty + "=" + newValue); request.getSession().setAttribute("flashMsg", "Property Updated!"); if (ZooKeeperUtil.INSTANCE.checkIfPwdField(newProperty)) { newValue = ZooKeeperUtil.INSTANCE.SOPA_PIPA; dao.insertHistory((String) request.getSession().getAttribute("authName"), request.getRemoteAddr(), "Updating Property: " + currentPath + "," + newProperty + "=" + newValue); List delPropLst = Arrays.asList(prop); ZooKeeperUtil.INSTANCE.deleteLeaves(delPropLst, ServletUtil.INSTANCE.getZookeeper(request, response, zkServerLst[0], globalProps)); request.getSession().setAttribute("flashMsg", "Delete Completed!"); dao.insertHistory((String) request.getSession().getAttribute("authName"), request.getRemoteAddr(), "Deleting Property: " + delPropLst.toString()); List delNodeLst = Arrays.asList(node); ZooKeeperUtil.INSTANCE.deleteFolders(delNodeLst, ServletUtil.INSTANCE.getZookeeper(request, response, zkServerLst[0], globalProps)); request.getSession().setAttribute("flashMsg", "Delete Completed!"); dao.insertHistory((String) request.getSession().getAttribute("authName"), request.getRemoteAddr(), "Deleting Nodes: " + delNodeLst.toString());
/**
 * Determines the URL to send the user to after a failed authentication and remembers where
 * the attempt came from.
 *
 * <p>The {@code from} request parameter is copied into the session unchanged; whether it is
 * later used as a redirect target (and therefore needs validating against an allow-list) is
 * not visible here.
 *
 * @see org.acegisecurity.ui.AbstractProcessingFilter#determineFailureUrl(javax.servlet.http.HttpServletRequest, org.acegisecurity.AuthenticationException)
 */
@Override
protected String determineFailureUrl(HttpServletRequest request, AuthenticationException failed) {
    Properties excMap = getExceptionMappings();
    String whereFrom = request.getParameter("from");
    request.getSession().setAttribute("from", whereFrom);
    String failedClassName = failed.getClass().getName();
    return excMap.getProperty(failedClassName, getAuthenticationFailureUrl());
}
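/**
 * Login action: authenticates the posted credentials and binds the user to a new session.
 */
public class LoginAction implements Action {

    /**
     * Authenticates the {@code username}/{@code password} request parameters.
     *
     * @return {@code "home"} after a successful login; {@code "login"} (with an {@code error}
     *         request attribute set) otherwise
     * @throws Exception propagated from the user lookup
     */
    public String execute(HttpServletRequest request, HttpServletResponse response) throws Exception {
        String username = request.getParameter("username");
        String password = request.getParameter("password");
        User user = userDAO.find(username, password);
        if (user == null) {
            // Deliberately generic message: does not reveal whether the username exists.
            request.setAttribute("error", "Unknown username/password. Please retry.");
            return "login";
        }
        // Session fixation mitigation: never bind an authenticated user to a session id that
        // already existed before authentication. Any pre-login session is dropped and a new one
        // created; on Servlet 3.1+ containers request.changeSessionId() would achieve the same
        // while keeping pre-login attributes.
        if (request.getSession(false) != null) {
            request.getSession(false).invalidate();
        }
        request.getSession(true).setAttribute("user", user);
        return "home";
    }
}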
/**
 * Ensures the session carries the activated registry-center and event-trace data-source
 * configuration, loading each one on first sight, then continues the chain.
 * A session is created for the request if none exists.
 */
@Override
public void doFilter(final ServletRequest servletRequest, final ServletResponse servletResponse, final FilterChain filterChain) throws IOException, ServletException {
    final HttpSession httpSession = ((HttpServletRequest) servletRequest).getSession();
    final boolean regCenterMissing = null == httpSession.getAttribute(RegistryCenterRestfulApi.REG_CENTER_CONFIG_KEY);
    if (regCenterMissing) {
        loadActivatedRegCenter(httpSession);
    }
    final boolean dataSourceMissing = null == httpSession.getAttribute(EventTraceDataSourceRestfulApi.DATA_SOURCE_CONFIG_KEY);
    if (dataSourceMissing) {
        loadActivatedEventTraceDataSource(httpSession);
    }
    filterChain.doFilter(servletRequest, servletResponse);
}
/**
 * Ends the caller's session and sends them back to the application root.
 *
 * <p>Implemented by overriding {@link #service}, so the logout runs for every HTTP method,
 * GET included.
 */
@WebServlet(name = "LogoutServlet", urlPatterns = {"/logout"})
public class LogoutServlet extends HttpServlet {

    @Override
    protected void service(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        final HttpSession current = request.getSession(false);
        if (current != null) {
            // Destroys the session; none is created just to be invalidated.
            current.invalidate();
        }
        response.sendRedirect(request.getContextPath());
    }
}
@Override
public void doFilter(HttpServletRequest wrappedRequest) {
    // The attribute set before this callback (outside this snippet) must be visible through the wrapped request's session.
    assertThat(wrappedRequest.getSession().getAttribute(ATTR))
            .isEqualTo(VALUE);
    wrappedRequest.getSession().removeAttribute(ATTR);
    // After removal a fresh lookup must no longer see it.
    assertThat(wrappedRequest.getSession().getAttribute(ATTR)).isNull();
}
});
/**
 * Stores {@code authenticationToken} under {@code AUTHENTICATION_TOKEN} in the request's session.
 *
 * <p>NOTE(review): despite the name, {@code request.getSession()} creates a session when none
 * exists, so the "without recreating" guarantee only holds when the caller ensures a session is
 * already present — confirm at the call sites.
 *
 * @param authenticationToken the token to store
 * @param request the current request
 */
public static void setAuthenticationTokenWithoutRecreatingSession(AuthenticationToken<?> authenticationToken, HttpServletRequest request) {
    LOGGER.debug("Setting authentication on existing session.");
    request.getSession().setAttribute(AUTHENTICATION_TOKEN, authenticationToken);
}
/**
 * Pre-handle hook: logs the visit, restores the login from the uid cookie when the session
 * holds no user, guards {@code /admin} paths, and attaches a CSRF token to GET requests.
 *
 * @return {@code false} (after redirecting to the admin login page) when an unauthenticated
 *         user requests an admin URL other than the login page; {@code true} otherwise
 */
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object o) throws Exception {
    final String contextPath = request.getContextPath();
    final String uri = request.getRequestURI();
    LOGGE.info("UserAgent: {}", request.getHeader(USER_AGENT));
    LOGGE.info("用户访问地址: {}, 来路地址: {}", uri, IPKit.getIpAddrByRequest(request));

    // Request interception: resolve the current user.
    UserVo user = TaleUtils.getLoginUser(request);
    if (user == null) {
        // No user in the session: fall back to the uid cookie.
        // Caveat carried over from the original author: the cookie can be forged, so this
        // restores a login from a client-controlled identifier.
        Integer uid = TaleUtils.getCookieUid(request);
        if (uid != null) {
            user = userService.queryUserById(uid);
            request.getSession().setAttribute(WebConst.LOGIN_SESSION_KEY, user);
        }
    }

    final boolean adminArea = uri.startsWith(contextPath + "/admin");
    final boolean adminLoginPage = uri.startsWith(contextPath + "/admin/login");
    if (adminArea && !adminLoginPage && user == null) {
        response.sendRedirect(request.getContextPath() + "/admin/login");
        return false;
    }

    // Issue a CSRF token for GET requests; it is kept in the cache for 30 minutes by default.
    if (request.getMethod().equals("GET")) {
        String csrf_token = UUID.UU64();
        cache.hset(Types.CSRF_TOKEN.getType(), csrf_token, uri, 30 * 60);
        request.setAttribute("_csrf_token", csrf_token);
    }
    return true;
}
final HttpSession session = request.getSession(false); LOG.info( "Invalidating session " + session.getId() ); session.invalidate(); final HttpSession session = request.getSession(); final String removeKey = request.getParameter(PARAM_REMOVE); if (removeKey != null && !"".equals(removeKey)) { final String[] keys = removeKey.split(","); LOG.info("Removing " + (keys.length > 1 ? "keys " : "key ") + Arrays.asList(keys)); for (final String key : keys) { session.removeAttribute(key); while ( attributeNames.hasMoreElements() ) { final String name = attributeNames.nextElement().toString(); final Object value = session.getAttribute( name ); out.println( name + "=" + value );
@Override
public void doFilter(HttpServletRequest wrappedRequest) {
    // Writes through the wrapped request's session and reads it back via a fresh getSession() call.
    wrappedRequest.getSession().setAttribute(ATTR, VALUE);
    assertThat(wrappedRequest.getSession().getAttribute(ATTR))
            .isEqualTo(VALUE);
    // The session is expected to contain nothing but the attribute just set.
    assertThat(
            Collections.list(wrappedRequest.getSession().getAttributeNames()))
            .containsOnly(ATTR);
}
});
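/**
 * Post-login hook: clears {@code SESSION_ATTR} when a session may be used, then redirects.
 *
 * <p>A caller-supplied target URL is honoured only when it cannot leave the application: a
 * value containing a scheme separator ({@code :}) or starting with a protocol-relative
 * {@code //} is replaced by the default target URL. Any other value is left to the superclass.
 *
 * @param request        the authenticated request
 * @param response       the response to redirect
 * @param authentication the successful authentication
 * @throws ServletException from the superclass handler
 * @throws IOException      if the redirect fails
 */
@Override
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws ServletException, IOException {
    String targetUrl = request.getParameter(getTargetUrlParameter());
    if (BLCRequestUtils.isOKtoUseSession(new ServletWebRequest(request))) {
        request.getSession().removeAttribute(SESSION_ATTR);
    }
    if (StringUtils.isNotBlank(targetUrl) && isExternalTarget(targetUrl)) {
        // Off-site target: ignore it and use the configured default rather than follow it.
        getRedirectStrategy().sendRedirect(request, response, getDefaultTargetUrl());
    } else {
        super.onAuthenticationSuccess(request, response, authentication);
    }
}

/**
 * True when {@code targetUrl} carries a scheme ({@code :} anywhere, e.g. {@code https:}) or is
 * protocol-relative ({@code //host/...}), i.e. when it could point away from this application
 * regardless of how the redirect strategy resolves relative paths.
 */
private static boolean isExternalTarget(String targetUrl) {
    return targetUrl.contains(":") || targetUrl.startsWith("//");
}
}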